Virus and Spyware Removal Guides, uninstall instructions

What is Blm ransomware?

Blm is malicious software belonging to the Dharma ransomware family. It operates by encrypting data and demanding payment for decryption. During the encryption process, all compromised files are renamed following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email addresses and the ".blm" extension.

For example, a file like "1.jpg" would appear as something similar to "1.jpg.id-C279F237.[blacklivesmatter@qq.com].blm" following encryption. Once this process is complete, ransom messages are created in a pop-up window and "FILES ENCRYPTED.txt" text file.

What is WebFunctionSearch?

WebFunctionSearch is designed to promote the address of a fake search engine and serve advertisements (it thus functions as a browser hijacker and adware). These apps commonly collect browsing-related information.

Users do not often download or install WebFunctionSearch (or similar apps) intentionally and, for this reason, they are classified as potentially unwanted applications (PUAs). This particular app is distributed through a deceptive (fake) Adobe Flash Player installer.

What is PopBlock+?

PopBlock+ (also known as PBlock+) is rogue software classified as adware. It is endorsed as a tool capable of blocking pop-ups displayed by websites, however, following successful installation, PopBlock+ runs intrusive advertisement campaigns. I.e., it delivers various dubious and harmful ads.

Additionally, this adware has data tracking capabilities, which are used to monitor users' browsing capabilities. Due to the dubious methods used to proliferate PopBlock+, it is also classified as a Potentially Unwanted Application (PUA).

What is T-RAT?

T-RAT is a Remote Access Trojan (RAT) and malware capable of logging keystrokes, replacing cryptocurrency wallet addresses in the system clipboard, recording audio using the computer microphone and video using the webcam, executing commands via the CMD (Command Prompt) and PowerShell, and managing files.

Cyber criminals responsible can use infected computers to generate revenue in various ways. Research shows that this malware can be purchased on a hacker forum for 3500 rubles.

What is MovieBoxSearch?

MovieBoxSearch is a browser hijacker. Following successful installation, it makes alterations to browser settings to promote movieboxsearch.com (a bogus search engine). This browser hijacker also has data tracking capabilities, which are employed to collect browsing-related information.

Since most users install MovieBoxSearch unintentionally, it is also classified as a Potentially Unwanted Application (PUA).

What is BD?

BD ransomware encrypts files, creates the "HOW TO DECRYPT FILES.txt" text file (a ransom message) in every folder that contains encrypted files and displays another in a pop-up window, and renames files by appending the ".BD" extension. For example, it would change a file named "1.jpg" to "1.jpg.BD", "2.jpg" to "2.jpg.BD", and so on.

What kind of malware is CryLock?

Discovered by Albert Zsigovits, CryLock is the name of a malicious program, which is a new variant of Cryakl ransomware. This malware is designed to encrypt data and demand payment for decryption.

During the encryption process, all affected files are renamed according to the following pattern: developer's email address; victim's unique ID, and; an extension consisting of three random characters. The extension is randomized for every file.

For example, files originally named "1.jpg", "2.jpg" and "3.jpg" would appear as something similar to "1.jpg[grand@horsef***er.org][512064768-1578909375].ycs", "2.jpg[grand@horsef***er.org][512064768-1578909375].wkm and "3.jpg[grand@horsef***er.org][512064768-1578909375].muc - respectively.

After completion of this process, CryLock ransomware displays a pop-up window that contains the ransom message.

What is SportsSearcher?

SportsSearcher promotes the sports-searcher.com (a fake search engine) by making certain modifications to browser settings. Like most browser hijackers, it collects browsing-related information (browsing data) as well.

Generally, users download and install browser hijackers unintentionally and, therefore, apps of this type are classified as potentially unwanted applications (PUAs).

What is WebNavigatorBrowser?

WebNavigatorBrowser is an ad-supported web browser based on Chromium, a free and open-source software project from Google. Do not use browsers that have functionality of adware (software that serves advertisements). Furthermore, this browser could be designed to collect browsing-related (and other) information.

What kind of malware is RedLine Stealer?

RedLine Stealer (also known as RedLine) is a malicious program which can be purchased on hacker forums for $150/$200 depending on the version. It can be used to steal information and infect operating systems with other malware.

Generally, cyber criminals attempt to infect computers with malicious software such as RedLine Stealer to generate revenue by misusing accessed (stolen) details and/or by infecting systems with other software of this type to achieve the same purpose. If there is any reason to suspect that your computer is infected with RedLine Stealer, remove it immediately.